Use Docker in SUNK
This guide explains how to use Docker inside a SUNK cluster, using a technique known as Docker-in-Docker (DinD). This approach enables automated evaluations and allows you to run benchmarks, such as SWE-bench, within your SUNK cluster.
The solution presented in this guide requires enabling privileged pods and disabling the AppArmor profile recommended for use in SUNK. This process grants elevated kernel capabilities and weakens isolation guarantees. See the known security risks section for more details.
It is your responsibility to verify that third-party code is safe to execute alongside your other workloads.
Enable Docker-in-Docker
To disable AppArmor and run privileged pods, edit the values.yaml file of the Slurm Helm chart.
In the compute section of the slurm Helm chart:
-
Create an
s6block to install and enable Docker. -
Add a volume mount for Docker using the
volumeMountandvolumesblocks. -
Under
pyxis, apply the following settings:- Set
pyxis.enabledtotrue. - Set
pyxis.appArmorProfiletonullto disable the AppArmor profile. - Set
pyxis.podSecurityContexttonullto remove the pod security context.
- Set
-
Under
securityContext, setsecurityContext.privilegedtotrue.The result should resemble the following:
Examplecompute:s6:docker:type: longrunscript: |#!/bin/shcurl -fsSL https://get.docker.com | shdockerdvolumeMounts:- mountPath: /var/lib/dockername: docker-storagevolumes:- name: docker-storageemptyDir: {}pyxis:enabled: trueappArmorProfile: nullpodSecurityContext: nullsecurityContext:privileged: true -
To verify that the AppArmor profile is correctly disabled, run the following command:
Example$kubectl describe po <slurmd-node-name> | grep LocalhostProfileThis should return no output. If it outputs
LocalhostProfile: profiles/enroot, then the configuration is not applied correctly.
Grant users Docker access
After disabling AppArmor and enabling privileged pods, you will need to grant users access to Docker.
If not running as root, users must belong to the sudoers group. If the SUNK cluster manages users with SUNK User Provisioning (SUP), set nsscache.sudoGroups to the groups that should have sudo privileges.
For SUP-based clusters, configure nsscache: to provision access via SCIM, and list the sudo-enabled groups under sudoGroups:. Group names must exactly match the group names in CoreWeave IAM or your upstream IdP. Refer to the SUP documentation on creating user groups
nsscache:sudoGroups:- slurm-sudo- additional-group
SSSD-based clusters
For SSSD-based clusters, set the sudoGroups: configuration in directoryService: to a list of Unix groups from all directories with sudo privileges.
- The group names are not fully-qualified for the default directory. For example, the default directory's group name should be
group1instead of[email protected]. - The group names are fully-qualified for any additional directories.
directoryService:
Known security risks
Kubernetes provides a comprehensive list of pod security standards. Below, we have outlined the subset more relevant to SUNK, but all of the standards listed in the Kubernetes documentation should be considered when assessing risk.
The setup described in this article:
- Runs Docker inside a pod
- Requires privileged mode
- Disables AppArmor protections
This setup will grant full access to the /proc and sys directories, and will allow kernel-level operations, including mounting, pivoting root, and process tracing.
Item at risk: cgroups
cgroups handle management and monitoring of resources used by Slurm jobs. In privileged mode, users could bypass cgroup restrictions, reconfigure the resource limits set by Slurm, and move processes outside of their assigned cgroups.
Item at risk: System and Security
Disabling AppArmor on a privileged pod removes additional security features, including protections against kernel exploits. This allows unrestricted access to the /proc and /sys directories. Without AppArmor protections in place, users could gain access to and tamper with other containers in the pod, or access other devices outside the intended allocation.